Building a Basic Network Scanner in C++

Network scanning is a fundamental task in network management and security. It involves identifying active hosts and open ports on a network. In this comprehensive guide, we will walk you through the process of building a basic network scanner using C++. This guide is designed for professionals, beginners, and developers who want to enhance their understanding of network programming and practical C++ applications.

Introduction to Network Scanning

Network scanning is a technique used to discover active devices on a network. It can be used for various purposes, including:

• Network Inventory Management: Keeping track of devices connected to the network.
• Security Auditing: Identifying potential vulnerabilities in network devices.
• Network Troubleshooting: Diagnosing network issues by identifying active hosts.
• Compliance Checking: Ensuring that all devices on the network are compliant with security policies.

There are several tools and programming languages that can be used for network scanning, but C++ offers a powerful and efficient way to perform this task. C++ is a high-performance language that allows direct memory manipulation, making it ideal for network programming tasks.

Prerequisites

Before we dive into the code, ensure you have the following prerequisites:

• C++ Compiler: You can use g++ if you are on a Unix-like system or Visual Studio if you are on Windows.
• Basic Knowledge of C++: Familiarity with C++ syntax and basic programming concepts.
• Understanding of Networking Fundamentals: Concepts such as IP addresses, ports, and network protocols.

Setting Up the Development Environment

Before we start coding, let's set up our development environment. If you are using a Unix-like system, you can install g++ using your package manager. For example, on Ubuntu, you can use:

sudo apt-get update
sudo apt-get install g++
    

If you are using Windows, you can download and install Visual Studio Community, which is a free and feature-rich IDE for C++ development.

Understanding the Basics of Network Programming in C++

Network programming in C++ involves using sockets, which are endpoints for communication channels. Sockets can be created, connected, and used to send and receive data. Here are the key concepts you need to understand:

1. Sockets

A socket is an endpoint for communication between two applications. In C++, sockets are created using the socket() function. Here is a basic example of creating a socket:

#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>

int main() {
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("Socket creation failed");
        return 1;
    }
    return 0;
}
    

• AF_INET: Specifies the address family (IPv4).
• SOCK_STREAM: Specifies the socket type (TCP).
• 0: Specifies the protocol (0 for default, which is TCP for SOCK_STREAM).

2. Address Structures

To connect to a remote host, you need to specify the address and port. This is done using the sockaddr_in structure:

struct sockaddr_in {
    short sin_family;  // Address family (AF_INET)
    unsigned short sin_port;  // Port number
    struct in_addr sin_addr;  // IP address
    char sin_zero[8];  // Padding
};
    

Here is how you can set up the address structure:

struct sockaddr_in server_address;
memset(&server_address, 0, sizeof(server_address));  // Zero out the structure
server_address.sin_family = AF_INET;
server_address.sin_port = htons(80);  // Port 80 (HTTP)
server_address.sin_addr.s_addr = inet_addr("192.168.1.1");  // IP address
    

3. Connecting to a Host

To connect to a host, you use the connect() function:

if (connect(sock, (struct sockaddr*)&server_address, sizeof(server_address)) < 0) {
    perror("Connection failed");
    close(sock);
    return 1;
}
    

4. Sending and Receiving Data

Once the connection is established, you can send and receive data using the send() and recv() functions:

char message[] = "Hello, Server!";
if (send(sock, message, strlen(message), 0) < 0) {
    perror("Send failed");
    close(sock);
    return 1;
}

char buffer[1024];
int bytes_received = recv(sock, buffer, sizeof(buffer), 0);
if (bytes_received < 0) {
    perror("Receive failed");
    close(sock);
    return 1;
}

buffer[bytes_received] = '\0';
printf("Received: %s\n", buffer);
    

Building the Network Scanner

Now that we have a basic understanding of network programming in C++, let's build our network scanner. The scanner will perform the following tasks:

• Scan a range of IP addresses.
• Check if a host is active by attempting to connect to a specific port.
• Print the IP addresses of active hosts.

Step 1: Define the IP Range

First, we need to define the range of IP addresses to scan. We will use a simple approach to generate IP addresses in a range. For example, we might want to scan all hosts in the range 192.168.1.1 to 192.168.1.254.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>

void generate_ip_range(char* start_ip, char* end_ip, char ip_range[][16]) {
    struct in_addr start_addr, end_addr;
    inet_pton(AF_INET, start_ip, &start_addr);
    inet_pton(AF_INET, end_ip, &end_addr);

    uint32_t start = ntohl(start_addr.s_addr);
    uint32_t end = ntohl(end_addr.s_addr);

    int count = 0;
    for (uint32_t i = start; i <= end; i++) {
        struct in_addr addr;
        addr.s_addr = htonl(i);
        strcpy(ip_range[count], inet_ntoa(addr));
        count++;
    }
}

int main() {
    char ip_range[254][16];
    generate_ip_range("192.168.1.1", "192.168.1.254", ip_range);

    return 0;
}
    

Step 2: Create the Socket

Next, we need to create a socket that will be used to connect to the hosts. We will use the socket() function to create the socket:

int create_socket() {
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("Socket creation failed");
        exit(1);
    }
    return sock;
}
    

Step 3: Check Host Availability

To check if a host is active, we will attempt to connect to a specific port. If the connection is successful, the host is active. We will use the connect() function to establish the connection:

int check_host(const char* ip, int port) {
    int sock = create_socket();

    struct sockaddr_in server_address;
    memset(&server_address, 0, sizeof(server_address));
    server_address.sin_family = AF_INET;
    server_address.sin_port = htons(port);
    server_address.sin_addr.s_addr = inet_addr(ip);

    int result = connect(sock, (struct sockaddr*)&server_address, sizeof(server_address));
    close(sock);

    return result;
}
    

Step 4: Scan the IP Range

Now, we can scan the IP range and print the IP addresses of active hosts:

int main() {
    char ip_range[254][16];
    generate_ip_range("192.168.1.1", "192.168.1.254", ip_range);

    int port = 80;  // Port to scan

    for (int i = 0; i < 254; i++) {
        if (check_host(ip_range[i], port) == 0) {
            printf("Host %s is active on port %d\n", ip_range[i], port);
        }
    }

    return 0;
}
    

Optimizing the Network Scanner

The basic network scanner we built is functional, but it can be optimized for better performance and scalability. Here are some optimization techniques:

1. Multi-threading

Scanning a large range of IP addresses can be time-consuming. By using multi-threading, we can scan multiple hosts simultaneously, reducing the overall scanning time.

#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>

void* check_host_thread(void* arg) {
    struct {
        char ip[16];
        int port;
    } *data = (struct { char ip[16]; int port; }*)arg;

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("Socket creation failed");
        pthread_exit(NULL);
    }

    struct sockaddr_in server_address;
    memset(&server_address, 0, sizeof(server_address));
    server_address.sin_family = AF_INET;
    server_address.sin_port = htons(data->port);
    server_address.sin_addr.s_addr = inet_addr(data->ip);

    int result = connect(sock, (struct sockaddr*)&server_address, sizeof(server_address));
    close(sock);

    if (result == 0) {
        printf("Host %s is active on port %d\n", data->ip, data->port);
    }

    pthread_exit(NULL);
}

int main() {
    char ip_range[254][16];
    generate_ip_range("192.168.1.1", "192.168.1.254", ip_range);

    int port = 80;  // Port to scan
    pthread_t threads[254];
    struct { char ip[16]; int port; } data[254];

    for (int i = 0; i < 254; i++) {
        strcpy(data[i].ip, ip_range[i]);
        data[i].port = port;
        pthread_create(&threads[i], NULL, check_host_thread, &data[i]);
    }

    for (int i = 0; i < 254; i++) {
        pthread_join(threads[i], NULL);
    }

    return 0;
}
    

2. Port Scanning

Instead of scanning a single port, you can extend the scanner to check multiple ports for each host. This can help identify services running on different ports.

int main() {
    char ip_range[254][16];
    generate_ip_range("192.168.1.1", "192.168.1.254", ip_range);

    int ports[] = { 80, 443, 22, 21 };  // Ports to scan
    int num_ports = sizeof(ports) / sizeof(ports[0]);

    pthread_t threads[254 * num_ports];
    struct { char ip[16]; int port; } data[254 * num_ports];

    int thread_index = 0;
    for (int i = 0; i < 254; i++) {
        for (int j = 0; j < num_ports; j++) {
            strcpy(data[thread_index].ip, ip_range[i]);
            data[thread_index].port = ports[j];
            pthread_create(&threads[thread_index], NULL, check_host_thread, &data[thread_index]);
            thread_index++;
        }
    }

    for (int i = 0; i < 254 * num_ports; i++) {
        pthread_join(threads[i], NULL);
    }

    return 0;
}
    

3. Error Handling

Proper error handling is crucial for a robust network scanner. Ensure that your code handles all potential errors gracefully. For example, you can handle socket creation failures, connection failures, and thread creation failures:

void* check_host_thread(void* arg) {
    struct {
        char ip[16];
        int port;
    } *data = (struct { char ip[16]; int port; }*)arg;

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("Socket creation failed");
        pthread_exit(NULL);
    }

    struct sockaddr_in server_address;
    memset(&server_address, 0, sizeof(server_address));
    server_address.sin_family = AF_INET;
    server_address.sin_port = htons(data->port);
    server_address.sin_addr.s_addr = inet_addr(data->ip);

    int result = connect(sock, (struct sockaddr*)&server_address, sizeof(server_address));
    close(sock);

    if (result == 0) {
        printf("Host %s is active on port %d\n", data->ip, data->port);
    }

    pthread_exit(NULL);
}

int main() {
    char ip_range[254][16];
    generate_ip_range("192.168.1.1", "192.168.1.254", ip_range);

    int ports[] = { 80, 443, 22, 21 };  // Ports to scan
    int num_ports = sizeof(ports) / sizeof(ports[0]);

    pthread_t threads[254 * num_ports];
    struct { char ip[16]; int port; } data[254 * num_ports];

    int thread_index = 0;
    for (int i = 0; i < 254; i++) {
        for (int j = 0; j < num_ports; j++) {
            strcpy(data[thread_index].ip, ip_range[i]);
            data[thread_index].port = ports[j];
            if (pthread_create(&threads[thread_index], NULL, check_host_thread, &data[thread_index]) != 0) {
                perror("Thread creation failed");
                exit(1);
            }
            thread_index++;
        }
    }

    for (int i = 0; i < 254 * num_ports; i++) {
        if (pthread_join(threads[i], NULL) != 0) {
            perror("Thread join failed");
            exit(1);
        }
    }

    return 0;
}
    

Testing and Debugging

Once you have written your network scanner, it's important to test it thoroughly to ensure it works as expected. Here are some steps to test and debug your network scanner:

• Test with Known Hosts: Use known active and inactive hosts to test the scanner's accuracy.
• Check for Memory Leaks: Use tools like Valgrind to check for memory leaks.
• Profile Performance: Use profiling tools to identify and optimize performance bottlenecks.
• Test with Different Networks: Test the scanner on different networks to ensure it works in various environments.
• Handle Edge Cases: Test the scanner with edge cases, such as invalid IP addresses and port ranges.

Conclusion

Building a basic network scanner in C++ is a valuable skill for professionals, beginners, and developers interested in network programming and security. In this guide, we covered the fundamentals of network programming in C++, including creating sockets, connecting to hosts, and sending and receiving data. We then built a simple network scanner that scans a range of IP addresses for active hosts and extended it with multi-threading, port scanning, and error handling.

By following this guide, you should have a solid understanding of how to build and optimize a network scanner using C++. Continue to explore advanced topics in network programming to enhance your skills and create more sophisticated network tools.

Further Reading

For further reading and to deepen your knowledge, consider the following resources:

• Beej's Guide to Network Programming
• CMU Sockets Programming Guide
• socket(2) Linux Manual Page
• connect(2) Linux Manual Page

Happy coding and network scanning!